126      iPhone_iPad_Mac_apple

Google says Etrecheck=Malware

So I did a little digging and looked at the files, strings, etc. that come packaged within Etrecheck. One file resolved to 85 5 225 98 which your Network Utility will tell you is some Virgin Media owned webpage.

I downloaded etrecheck on several computers and got the same result. That IP address is malicious website according to Google https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url =cpc105296-live28-2-0-cust609.17-2.cable.virginm.net it is a distributor of malicious files and redirects visitors to other sites that do this as well.

I know reality can be tough, but how in good conscious could people be recommending this app which can't even make the cut for the App Store which the malware-infected program "Thor Anti-Virus" has?

So what's the explanation? I don't expect anyone to have one. I'll try to contribute these facts as often as possible.

Frankly, I think it's treating people like they aren't smart enough to run a simple script in the terminal to get a real system_profiler report or sysdiagnose. There's not even any way to verify what should and shouldn't be in a lot of the configurations/files/etc. and even if you could verify the name of it there's no checksum to compare to for the content of the data or to verify the authenticity of the script that was ran to get the information.

I personally don't think having a bunch of points on here is a good thing..I think its a representation on how much life someone has spent on this anonymous Internet forum. Not to be insulting because I'd imagine some people must be very proud of their knowledge or something but if you aren't even looking at things closely and just repeating what someone else said once that sounded right are you even really helping anyone?

If you downloaded it from anywhere other than https://etrecheck.com/ then it has likely been repackaged with the items that you've reported.

See https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url =https://etrecheck.com/ for the report on the real site where it comes back with "no unsafe content found".

tt2

FYI, you should only download directly from the developer website.

For this case it's https://etrecheck.com/

Anywhere else is never recommended and you should follow this advice.

Couple of things;

1. Google says no such thing. Google says that an address you looked up is possibly a dangerous site. Google makes no comment whatever about Etrecheck. To get from what you discovered about one IP address to smear and insult the maker of Etrecheck (and everyone else who helps on here) is a considerable leap of logic. It simple doesn't hold. .

2. 85.5.225.98 is in Switerland and not owned by Virgin Media. A quick Whois will tell you it's owned by a Swiss ISP called Bluewin.ch. - Or so Google tells me.

There are two possibilities here: one is that you are right and by thousand of people who have installed and used Etrecheck have somehow had their machines compromised -  and not one of them have noticed anything awry.

The other is that you are mistaken. And from that mistake you're insulting everyone who helps on here.

chase_daniel wrote:

 

 

I personally don't think having a bunch of points on here is a good thing..I think its a representation on how much life someone has spent on this anonymous Internet forum. Not to be insulting because I'd imagine some people must be very proud of their knowledge or something but if you aren't even looking at things closely and just repeating what someone else said once that sounded right are you even really helping anyone?

And yet, you're managing to be extremely insulting. A lot of people have spent a lot of time trying to help you. Those people have much, much more experience than you do.

What you're doing reminds me of the people who research their physical symptoms on the internet and then think they know more than their doctor does. It's the sort of mindset that leads people to decide that coffee enemas are a better treatment for cancer than chemotherapy.

If you don't want the help of people here, that's fine. But have the decency to simply leave rather than smear the people who've tried to help you and the person who has, purely out of a desire to help the community, written a very useful utility.

chase_daniel wrote:

 

 

I personally don't think having a bunch of points on here is a good thing

Then you clearly have no concept of how this forum works. The ONLY way to get points is to help other users, and have them acknowledge that you helped them. You get no points for just posting (except for 4 points the first time you post). For example, turingtest2 has 106,148 points as of today. You get 5 points when someone who posts a problem says you helped them. You get 10 points when that user says you solved their problem. So 106,000 points means that at least 10,600 and up to 21,200 people found a response either helpful or that it solved their problem. And only a minority of people who were helped bother to acknowledge it, so the actual number of helpful posts made by tt2 (as we call him) is much higher than that. How can this not be a good thing?

People make fun of "nerds", accuse them of having no life. Until they need technical help.

Not to mention, everyone should decide for themselves what constitutes "having a life". As long as it makes me happy and isn't illegal, it's "having a life", whatever I chose to do.

One file resolved to 85 5 225 98

Your saying that one file contains the value of 85522598 ?  How do you know it's an internet address?  Could be the result of a dice roll.

R

I think he meant what Terence wrote. 85.5.225.98 as an IP address. Which Terence also noted belongs to Swisscom.ch .

Sorry I totally forgot to look at this discussion but I wanted to make what I was saying more clear in case what I was saying was confusing.

The problem that google identifies is not with the etrecheck website--I downloaded the file from the developer's website from several random devices and got the same checksum for all of the files.

The report that I posted above is for whatever domain resolves from the IP address that Etrecheck calls out when the program is run.

Running that transparency report like you did doesn't mean anything since the transparency report doesn't look that deeply into files. (any file could have some data added to the end to make it do just about anything....)

Once again the issue I'm stating is the software makes HTTP requests to another server that is a well established distributor of malware. It also did not send any packets to the IP address that resolves from the developers domain name as I recall.

Sorry if that was too complex..

Please read what I said above. I apologize if there's a lot of steps there but the issue is not with the developer's website. It's with that IP address which is requested by executable file found in the software's package which I downloaded from the developer's website.

It seems like trying to reproduce my results yourself without bias going into it would have make you a more responsible user of this forum. You could be sure one way or the other if a program which can't even find its way into the Mac App Store after all these years is or isn't malware.

chase_daniel wrote:

 

You could be sure one way or the other if a program which can't even find its way into the Mac App Store after all these years is or isn't malware.

The developer of etrecheck has chosen not to put it in the Mac App Store. That doesn't mean that it's malware. It's not. Microsoft Word isn't in the Mac App Store. Is it also malware?

Comes off as a little defensive.

I'll repeat..I'm not wrong..but I certainly apologize for insulting malware developers and all of their many significant contributions to society.

The difference between researching symptoms online and researching malware is that malware is actually part of a computer and testing for it on a computer is using the appropriate medium. You can't check your bloodpressure through the terminal but you can certainly run all sorts of diagnostics like sysdiagnose, system_profiler, systemstats, hpmdiagnose, kextutil, ndp, security, tbtdiagnose . It's even the only way to access and verify a lot of configurations that can't directly be edited.. Hypochondriacs aren't performing definitive tests when they google stuff. So no it's more like going to the doctor to have tests done.

It's kind of pretentious to look down on someone who's not as knowledgable. I couldn't use a word processor 2 years ago and don't think there's any shame in not knowing something and wanting to know more.

"Those people have much, much more experience than you do." Much, much more experience and pretty much 0 useful answers. Most of the questions I've asked go unanswered.

I'm not "smearing" anyone...When one overlooks the true statements I made and instead implies I'm wrong and just making things up but doesn't provide any evidence or reference to why they've made such statements..I'd say that more closely fits the definition of smearing. Journalists report unpleasant things all the time..its called "the news." I simply stated the facts and the steps I performed to support the fact that Google says Etrecheck=Malware...because it does.

I'm not Google or Etrecheck. Don't shoot the messenger or as Plato said "no one is more hated than he who speaks the truth."

chase_daniel wrote:

You could be sure one way or the other if a program which can't even find its way into the Mac App Store after all these years is or isn't malware.

The Mac App Store limits what application can do.  Etrecheck could not function within those limits.

I think its a representation on how much life someone has spent on this anonymous Internet forum

You certainly spend considerable time trying to find something wrong with most anything.

As I said in an earlier post: I would not buy or sell the computer and not spend any time at all online. That way you'd be safe.

最後更新：2017-11-05 16:52:49

  上一篇： I just noticed a shared user on my mac but I ha...

  下一篇： How to repair or replace damaged resource data ...